use of com.tremolosecurity.provisioning.service.util.TremoloUser in project OpenUnison by TremoloSecurity.
the class Registration method doFilter.
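/**
 * Handles the two halves of a U2F security-key registration.
 *
 * <p>GET builds a registration challenge from the keys already on file for the
 * authenticated user, parks the {@code U2FServer} and request in the session and
 * forwards to {@code challengeURI}. POST parses the browser's {@code tokenResponse},
 * verifies it against that session state, stores the resulting key set through the
 * configured workflow and forwards to {@code registrationCompleteURI} with the
 * request attribute {@code register.result} set to the outcome.
 *
 * <p>Both branches forward the request themselves; {@code chain} is never continued.
 *
 * @param request  the filter request; the user is read from the session's {@code AUTH_CTL}
 * @param response the filter response forwarded to the challenge or completion page
 * @param chain    the filter chain (not continued)
 * @throws Exception on forwarding, key encoding or workflow failures
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    if (request.getMethod().equalsIgnoreCase("GET")) {
        // TODO switch this off
        startRegistration(request, response);
    } else if (request.getMethod().equalsIgnoreCase("POST")) {
        completeRegistration(request, response);
    }
}

/**
 * GET half: creates a registration request for the authenticated user, stores the
 * server state in the session and forwards to {@code challengeURI}.
 */
private void startRegistration(HttpFilterRequest request, HttpFilterResponse response) throws Exception {
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    String accountName = userData.getAttribs().get(this.uidAttributeName).getValues().get(0);
    // Keys already registered for this user, loaded via the challenge-store attribute
    List<SecurityKeyData> keys = U2fUtil.loadUserKeys(userData, challengeStoreAttribute, encyrptionKeyName);
    String appID = U2fUtil.getApplicationId(request.getServletRequest());
    Set<String> origins = new HashSet<String>();
    origins.add(appID);
    // Attestation certificates are only handed to the data store when attestation is enforced
    U2FServer u2f = new U2FServerUnison(this.challengeGen,
            new UnisonDataStore(UUID.randomUUID().toString(), keys,
                    (this.requireAttestation ? this.attestationCerts : new HashSet<X509Certificate>())),
            new BouncyCastleCrypto(), origins, this.requireAttestation);
    RegistrationRequest regRequest = u2f.getRegistrationRequest(accountName, appID);
    // The POST half verifies the browser's response against exactly this session state
    request.getSession().setAttribute(Registration.REGISTRATION_REQUEST_JSON, gson.toJson(regRequest));
    request.getSession().setAttribute(Registration.REGISTRATION_REQUEST, regRequest);
    request.getSession().setAttribute(Registration.SERVER, u2f);
    request.setAttribute(REGISTRATION_URI, request.getRequestURL().toString());
    request.getRequestDispatcher(this.challengeURI).forward(request.getServletRequest(), response.getServletResponse());
}

/**
 * POST half: verifies the browser's {@code tokenResponse} against the pending registration
 * held in the session, persists the server's key set through the configured workflow and
 * forwards to {@code registrationCompleteURI}. Missing session state, an unparsable
 * response or a {@code U2FException} all end in {@link #failRegistration}.
 */
private void completeRegistration(HttpFilterRequest request, HttpFilterResponse response) throws Exception {
    U2FServer u2f = (U2FServer) request.getSession().getAttribute(SERVER);
    // Without a pending registration (no GET first) or a token response there is nothing to verify
    if (u2f == null || request.getParameter("tokenResponse") == null) {
        logger.error("Registration response received without a pending registration request or tokenResponse parameter");
        failRegistration(request, response);
        return;
    }
    String tokenResponse = request.getParameter("tokenResponse").getValues().get(0);
    if (logger.isDebugEnabled()) {
        logger.debug("response : '" + tokenResponse + "'");
    }
    RegistrationResponseHolder rrh = gson.fromJson(tokenResponse, RegistrationResponseHolder.class);
    if (rrh == null) {
        logger.error("Could not parse tokenResponse");
        failRegistration(request, response);
        return;
    }
    // NOTE(review): clientData is passed for both the second and third arguments — confirm against RegistrationResponse's constructor
    RegistrationResponse rr = new RegistrationResponse(rrh.getRegistrationData(), rrh.getClientData(), rrh.getClientData());
    try {
        u2f.processRegistrationResponse(rr, System.currentTimeMillis());
    } catch (U2FException e) {
        logger.error("Could not register", e);
        failRegistration(request, response);
        return;
    }
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    String uid = userData.getAttribs().get(this.uidAttributeName).getValues().get(0);
    // Encode the server's current key set for storage in the challenge-store attribute
    String encrypted = U2fUtil.encode(u2f.getAllSecurityKeys("doesntmatter"), encyrptionKeyName);
    WFCall wc = new WFCall();
    wc.setName(this.workflowName);
    wc.setUidAttributeName(this.uidAttributeName);
    TremoloUser tu = new TremoloUser();
    tu.setUid(uid);
    tu.getAttributes().add(new Attribute(this.uidAttributeName, uid));
    tu.getAttributes().add(new Attribute(this.challengeStoreAttribute, encrypted));
    wc.setUser(tu);
    Map<String, Object> req = new HashMap<String, Object>();
    // Synchronous execution: the completion page is only rendered once the workflow has returned
    req.put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
    wc.setRequestParams(req);
    GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getWorkFlow(this.workflowName).executeWorkflow(wc);
    request.setAttribute("register.result", true);
    request.getRequestDispatcher(this.registrationCompleteURI).forward(request.getServletRequest(), response.getServletResponse());
}

/** Forwards to the completion page with {@code register.result} set to {@code false}. */
private void failRegistration(HttpFilterRequest request, HttpFilterResponse response) throws Exception {
    request.setAttribute("register.result", false);
    request.getRequestDispatcher(this.registrationCompleteURI).forward(request.getServletRequest(), response.getServletResponse());
}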
use of com.tremolosecurity.provisioning.service.util.TremoloUser in project OpenUnison by TremoloSecurity.
the class U2fAuth method doGet.
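/**
 * U2F second-factor authentication step.
 *
 * <p>Without a {@code signResponse} parameter the challenge is issued through
 * {@link #startAuthentication}. With one, the browser's signature is verified against the
 * {@code U2FServer} kept in the session, the server's key set is re-encoded and saved via the
 * configured workflow, and control passes to {@code nextAuth}. A browser error code, a
 * missing session state or a {@code U2FException} marks the step unsuccessful only when the
 * mechanism is configured as {@code required}.
 *
 * @param request  the current request; auth context is read from the session's {@code AUTH_CTL}
 * @param response the response handed to {@code nextAuth}
 * @param as       the step being executed; its success flag is set here
 * @throws IOException      propagated from {@code nextAuth}
 * @throws ServletException when the key set cannot be encoded or the workflow fails
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
    if (request.getParameter("signResponse") == null) {
        startAuthentication(request, response, as);
        return;
    }
    SignResponseHolder srh = gson.fromJson(request.getParameter("signResponse"), SignResponseHolder.class);
    HttpSession session = request.getSession();
    AuthController authCtl = (AuthController) session.getAttribute(ProxyConstants.AUTH_CTL);
    AuthInfo userData = authCtl.getAuthInfo();
    RequestHolder reqHolder = authCtl.getHolder();
    UrlHolder holder = (UrlHolder) request.getAttribute(ProxyConstants.AUTOIDM_CFG);
    AuthChainType act = holder.getConfig().getAuthChains().get(reqHolder.getAuthChainName());
    AuthMechType amt = act.getAuthMech().get(as.getId());
    // Mechanism parameters are stored untyped in the session; the cast mirrors how they were put there
    @SuppressWarnings("unchecked")
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
    String challengeStoreAttribute = authParams.get("attribute").getValues().get(0);
    String encyrptionKeyName = authParams.get("encryptionKeyName").getValues().get(0);
    String uidAttributeName = authParams.get("uidAttributeName").getValues().get(0);
    String workflowName = authParams.get("workflowName").getValues().get(0);

    U2FServer u2f = (U2FServer) session.getAttribute(SERVER);
    // No pending challenge (startAuthentication never ran) or an unparsable response: fail closed
    if (srh == null || u2f == null) {
        logger.warn("No pending u2f challenge or unparsable signResponse for user '" + userData.getUserDN() + "'");
        failStep(request, response, session, holder, amt, as);
        return;
    }
    if (srh.getErrorCode() > 0) {
        logger.warn("Browser could not validate u2f token for user '" + userData.getUserDN() + "' : " + srh.getErrorCode());
        failStep(request, response, session, holder, amt, as);
        return;
    }
    SignResponse sigResp = new SignResponse(srh.getKeyHandle(), srh.getSignatureData(), srh.getClientData(), srh.getSessionId());
    try {
        u2f.processSignResponse(sigResp);
    } catch (U2FException e) {
        logger.warn("Could not authenticate user : '" + e.getMessage() + "'");
        failStep(request, response, session, holder, amt, as);
        return;
    }
    String encrypted;
    try {
        encrypted = U2fUtil.encode(u2f.getAllSecurityKeys("doesntmatter"), encyrptionKeyName);
    } catch (Exception e) {
        // Keep the cause so the underlying encoding failure is not lost
        throw new ServletException("Could not encrypt keys", e);
    }
    String uid = userData.getAttribs().get(uidAttributeName).getValues().get(0);
    WFCall wc = new WFCall();
    wc.setName(workflowName);
    wc.setUidAttributeName(uidAttributeName);
    TremoloUser tu = new TremoloUser();
    tu.setUid(uid);
    tu.getAttributes().add(new Attribute(uidAttributeName, uid));
    tu.getAttributes().add(new Attribute(challengeStoreAttribute, encrypted));
    wc.setUser(tu);
    Map<String, Object> req = new HashMap<String, Object>();
    // Synchronous so the keys are saved before the step is reported successful
    req.put(ProvisioningParams.UNISON_EXEC_TYPE, ProvisioningParams.UNISON_EXEC_SYNC);
    wc.setRequestParams(req);
    try {
        GlobalEntries.getGlobalEntries().getConfigManager().getProvisioningEngine().getWorkFlow(workflowName).executeWorkflow(wc);
    } catch (ProvisioningException e) {
        throw new ServletException("Could not save keys", e);
    }
    as.setSuccess(true);
    holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
}

/**
 * Marks the step failed when the mechanism is {@code required} and hands control to the next
 * mechanism in the chain. For a non-required mechanism the success flag is left untouched.
 */
private void failStep(HttpServletRequest request, HttpServletResponse response, HttpSession session, UrlHolder holder, AuthMechType amt, AuthStep as) throws IOException, ServletException {
    if (amt.getRequired().equals("required")) {
        as.setSuccess(false);
    }
    holder.getConfig().getAuthManager().nextAuth(request, response, session, false);
}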
use of com.tremolosecurity.provisioning.service.util.TremoloUser in project OpenUnison by TremoloSecurity.
the class ScalePassword method doFilter.
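/**
 * ScaleJS password-change endpoint.
 *
 * <p>A request ending in {@code /password/config} returns the password form configuration
 * and the caller's display name as JSON. A POST ending in {@code /password/submit} checks
 * the two submitted passwords (present, equal, accepted by {@code validator}) and runs the
 * configured workflow with the new password. Validation or workflow errors are returned as a
 * {@code ScaleError} with HTTP 500; a successful submit writes nothing.
 *
 * <p>The filter answers the request itself; {@code chain} is not continued.
 *
 * @param request  the filter request; the user comes from the session's {@code AUTH_CTL},
 *                 the body from {@code ProxySys.MSG_BODY}
 * @param response JSON is written to its writer
 * @param chain    unused
 * @throws Exception from attribute lookups, JSON parsing or response writing
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    Gson gson = new Gson();
    // Attribute name suggests the proxy should not redirect on errors for this request — behaviour lives in the proxy
    request.getServletRequest().setAttribute("com.tremolosecurity.unison.proxy.noRedirectOnError", "com.tremolosecurity.unison.proxy.noRedirectOnError");
    if (request.getRequestURI().endsWith("/password/config")) {
        writeConfig(request, response, gson);
    } else if (request.getMethod().equalsIgnoreCase("POST") && request.getRequestURI().endsWith("/password/submit")) {
        submitPassword(request, response, gson);
    }
}

/** Writes the password form configuration and the caller's display name as JSON. */
private void writeConfig(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws Exception {
    response.setContentType("application/json");
    ScalePasswordUser ssru = new ScalePasswordUser();
    ssru.setConfig(scaleConfig);
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    Attribute displayNameAttribute = userData.getAttribs().get(this.scaleConfig.getDisplayNameAttribute());
    // Placeholder when the user carries no display-name attribute
    ssru.setDisplayName(displayNameAttribute != null ? displayNameAttribute.getValues().get(0) : "Unknown");
    ScaleJSUtils.addCacheHeaders(response);
    response.getWriter().println(gson.toJson(ssru).trim());
}

/**
 * Validates the submitted password pair and, when it passes, runs the password workflow.
 * Any accumulated errors are written as a {@code ScaleError} with status 500.
 */
private void submitPassword(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws Exception {
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    byte[] body = (byte[]) request.getAttribute(ProxySys.MSG_BODY);
    // Decode explicitly as UTF-8 instead of the platform default; a missing body counts as missing passwords
    ScaleJSPasswordRequest sr = body == null ? null
            : gson.fromJson(new String(body, java.nio.charset.StandardCharsets.UTF_8), ScaleJSPasswordRequest.class);
    ScaleError errors = new ScaleError();
    if (sr == null || sr.getPassword1() == null || sr.getPassword2() == null) {
        errors.getErrors().add("Passwords are missing");
    } else if (!sr.getPassword1().equals(sr.getPassword2())) {
        errors.getErrors().add("Passwords do not match");
    } else {
        List<String> valErrors = this.validator.validate(sr.getPassword1(), userData);
        if (valErrors != null && !valErrors.isEmpty()) {
            errors.getErrors().addAll(valErrors);
        }
        if (errors.getErrors().isEmpty()) {
            runPasswordWorkflow(userData, sr.getPassword1(), errors);
        }
    }
    if (!errors.getErrors().isEmpty()) {
        response.setStatus(500);
        response.getWriter().print(gson.toJson(errors).trim());
        response.getWriter().flush();
    }
}

/**
 * Runs the configured workflow with the new password for {@code userData}; a failure is
 * reported to the caller through {@code errors} rather than thrown.
 */
private void runPasswordWorkflow(AuthInfo userData, String password, ScaleError errors) {
    String uidAttr = this.scaleConfig.getUidAttribute();
    String uid = userData.getAttribs().get(uidAttr).getValues().get(0);
    WFCall wfCall = new WFCall();
    wfCall.setName(this.scaleConfig.getWorkflowName());
    wfCall.setReason(this.scaleConfig.getReason());
    wfCall.setUidAttributeName(uidAttr);
    wfCall.getRequestParams().put(ProvisioningParams.UNISON_EXEC_TYPE,
            this.scaleConfig.isRunSynchronously() ? ProvisioningParams.UNISON_EXEC_SYNC : ProvisioningParams.UNISON_EXEC_ASYNC);
    TremoloUser tu = new TremoloUser();
    tu.setUid(uid);
    tu.getAttributes().add(new Attribute(uidAttr, uid));
    tu.setUserPassword(password);
    wfCall.setUser(tu);
    try {
        com.tremolosecurity.provisioning.workflow.ExecuteWorkflow exec = new com.tremolosecurity.provisioning.workflow.ExecuteWorkflow();
        exec.execute(wfCall, GlobalEntries.getGlobalEntries().getConfigManager());
    } catch (Exception e) {
        logger.error("Could not update user", e);
        // Only a synchronous run can attribute the failure to the password itself
        errors.getErrors().add(this.scaleConfig.isRunSynchronously()
                ? "Unable to set your password, make sure it meets with complexity requirements"
                : "Please contact your system administrator");
    }
}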
use of com.tremolosecurity.provisioning.service.util.TremoloUser in project OpenUnison by TremoloSecurity.
the class ScaleMain method executeWorkflows.
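/**
 * Runs a batch of ScaleJS workflow requests on behalf of the authenticated user.
 *
 * <p>The body is a JSON array of {@code WorkflowRequest}; each element yields one entry in
 * the returned map keyed by its uuid ("success", a validation message or an error text).
 * A request needs a reason and must name a workflow whose org the caller was granted by
 * {@link #checkOrg}; reasons are trimmed and capped at 255 characters. With no subjects the
 * workflow runs for the caller; with subjects the caller must pass {@link #checkPreCheck}
 * as a delegate and each subject is looked up by uid before {@link #startSubjectWorkflow}.
 *
 * @param request  the filter request; body from {@code ProxySys.MSG_BODY}
 * @param response receives the uuid-to-result map as JSON
 * @param gson     JSON (de)serializer
 * @throws Exception from LDAP lookups, authorization checks or response writing
 */
private void executeWorkflows(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws Exception {
    Type listType = new TypeToken<ArrayList<WorkflowRequest>>() {
    }.getType();
    byte[] requestBytes = (byte[]) request.getAttribute(ProxySys.MSG_BODY);
    String requestString = new String(requestBytes, StandardCharsets.UTF_8);
    List<WorkflowRequest> reqs = gson.fromJson(requestString, listType);
    HashMap<String, String> results = new HashMap<String, String>();
    if (reqs != null && !reqs.isEmpty()) {
        // The caller's identity and org grants do not depend on the individual request,
        // so resolve them once for the whole batch
        AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
        OrgType ot = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getOrg();
        HashSet<String> allowedOrgs = new HashSet<String>();
        this.checkOrg(allowedOrgs, ot, new AzSys(), userData, request.getSession());
        List<WorkflowType> wfs = GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getWorkflows().getWorkflow();
        for (WorkflowRequest req : reqs) {
            results.put(req.getUuid(), processWorkflowRequest(request, req, userData, allowedOrgs, wfs));
        }
    }
    ScaleJSUtils.addCacheHeaders(response);
    response.setContentType("application/json");
    response.getWriter().println(gson.toJson(results).trim());
}

/** Validates one request, runs it, and returns the result text to store under its uuid. */
private String processWorkflowRequest(HttpFilterRequest request, WorkflowRequest req, AuthInfo userData, HashSet<String> allowedOrgs, List<WorkflowType> wfs) throws Exception {
    if (req.getReason() == null || req.getReason().isEmpty()) {
        return "Reason is required";
    }
    String orgid = null;
    for (WorkflowType wf : wfs) {
        if (wf.getName().equals(req.getName())) {
            orgid = wf.getOrgid();
            break;
        }
    }
    if (orgid == null) {
        return "Not Found";
    }
    // Authorization: the workflow's org must be one the caller was granted
    if (!allowedOrgs.contains(orgid)) {
        return "Unauthorized";
    }
    String requestReason = req.getReason().trim();
    if (requestReason.length() > 255) {
        logger.warn("Reason is oversized : " + requestReason.length());
        requestReason = requestReason.substring(0, 255);
    }
    if (req.getSubjects() == null || req.getSubjects().isEmpty()) {
        return runForRequestor(req, requestReason, userData);
    }
    return runForSubjects(request, req, requestReason, userData, allowedOrgs, orgid);
}

/** Runs the workflow with the caller as the subject. */
private String runForRequestor(WorkflowRequest req, String requestReason, AuthInfo userData) {
    String uidAttr = this.scaleConfig.getUidAttributeName();
    String uid = userData.getAttribs().get(uidAttr).getValues().get(0);
    WFCall wfCall = new WFCall();
    wfCall.setName(req.getName());
    wfCall.setReason(requestReason);
    wfCall.setUidAttributeName(uidAttr);
    wfCall.setEncryptedParams(req.getEncryptedParams());
    TremoloUser tu = new TremoloUser();
    tu.setUid(uid);
    tu.getAttributes().add(new Attribute(uidAttr, uid));
    wfCall.setUser(tu);
    try {
        com.tremolosecurity.provisioning.workflow.ExecuteWorkflow exec = new com.tremolosecurity.provisioning.workflow.ExecuteWorkflow();
        exec.execute(wfCall, GlobalEntries.getGlobalEntries().getConfigManager());
        return "success";
    } catch (Exception e) {
        logger.error("Could not update user", e);
        return "Error, please contact your system administrator";
    }
}

/**
 * Runs the workflow once per listed subject after confirming the caller may delegate.
 * Returns "success" or the ';'-separated per-subject errors without the trailing separator.
 */
private String runForSubjects(HttpFilterRequest request, WorkflowRequest req, String requestReason, AuthInfo userData, HashSet<String> allowedOrgs, String orgid) throws Exception {
    PreCheckResponse preCheckResp = new PreCheckResponse();
    checkPreCheck(request, userData, allowedOrgs, req.getName(), orgid, preCheckResp);
    if (!preCheckResp.isCanDelegate()) {
        logger.warn("User '" + userData.getUserDN() + "' not allowed to request for others for '" + req.getName() + "'");
        return "Unable to submit";
    }
    String uidAttr = this.scaleConfig.getUidAttributeName();
    String requestor = userData.getAttribs().get(uidAttr).getValues().get(0);
    ConfigManager cfgMgr = GlobalEntries.getGlobalEntries().getConfigManager();
    StringBuffer errors = new StringBuffer();
    for (String subject : req.getSubjects()) {
        WFCall wfCall = new WFCall();
        wfCall.setName(req.getName());
        // Same trimmed and capped reason as the self-service path, so the 255-character cap applies here too
        wfCall.setReason(requestReason);
        wfCall.setUidAttributeName(uidAttr);
        wfCall.setEncryptedParams(req.getEncryptedParams());
        wfCall.setRequestor(requestor);
        TremoloUser tu = new TremoloUser();
        wfCall.setUser(tu);
        LDAPSearchResults searchRes = cfgMgr.getMyVD().search(cfgMgr.getCfg().getLdapRoot(), 2, equal(uidAttr, subject).toString(), new ArrayList<String>());
        if (searchRes.hasMore()) {
            LDAPEntry entry = searchRes.next();
            if (entry == null) {
                errors.append("Error, user " + subject + " does not exist;");
            } else {
                startSubjectWorkflow(errors, req, wfCall, tu, subject, entry, preCheckResp);
            }
        } else {
            errors.append("Error, user " + subject + " does not exist;");
        }
        // Consume any remaining entries; only the first match is used
        while (searchRes.hasMore()) {
            searchRes.next();
        }
    }
    if (errors.length() == 0) {
        return "success";
    }
    return errors.substring(0, errors.length() - 1);
}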
use of com.tremolosecurity.provisioning.service.util.TremoloUser in project OpenUnison by TremoloSecurity.
the class ScaleMain method saveUser.
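/**
 * Applies a ScaleJS profile update for the authenticated user.
 *
 * <p>The body is a JSON object mapping attribute names to objects with a {@code value}
 * member. Each submitted attribute is checked against {@code scaleConfig.getAttributes()}
 * (known, not read-only, required, min/max length, regex); attributes outside the UI
 * decision's allowed set are ignored, and required attributes that were not submitted are
 * reported. When everything validates the workflow runs with the new values and the
 * refreshed user is returned through {@link #lookupUser}; otherwise, or when the workflow
 * fails, a {@code ScaleError} is written with HTTP 500.
 *
 * @param request  the filter request; the body is read from {@code ProxySys.MSG_BODY}
 * @param response receives either the updated user or the error list
 * @param gson     serializer for the response
 * @throws IOException from writing the response
 */
private void saveUser(HttpFilterRequest request, HttpFilterResponse response, Gson gson) throws IOException {
    ScaleError errors = new ScaleError();
    // Decode explicitly as UTF-8 rather than the platform default charset
    String json = new String((byte[]) request.getAttribute(ProxySys.MSG_BODY), StandardCharsets.UTF_8);
    AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
    Set<String> allowedAttrs = null;
    if (this.scaleConfig.getUiDecisions() != null) {
        allowedAttrs = this.scaleConfig.getUiDecisions().availableAttributes(userData, request.getServletRequest());
    }
    JsonObject jo = new JsonParser().parse(json).getAsJsonObject();
    HashMap<String, String> values = new HashMap<String, String>();
    boolean ok = true;
    for (Entry<String, JsonElement> entry : jo.entrySet()) {
        String attributeName = entry.getKey();
        // Attributes the UI decision does not expose to this user are dropped without error
        if (allowedAttrs != null && !allowedAttrs.contains(attributeName)) {
            continue;
        }
        JsonElement valueElement = entry.getValue().getAsJsonObject().get("value");
        if (valueElement == null || valueElement.isJsonNull()) {
            errors.getErrors().add("Attribute value missing : '" + attributeName + "'");
            ok = false;
            continue;
        }
        String value = valueElement.getAsString();
        if (!validateAttribute(attributeName, value, errors)) {
            ok = false;
        }
        values.put(attributeName, value);
    }
    for (String attrName : this.scaleConfig.getAttributes().keySet()) {
        if (this.scaleConfig.getAttributes().get(attrName).isRequired() && !values.containsKey(attrName) && (allowedAttrs == null || allowedAttrs.contains(attrName))) {
            errors.getErrors().add("Attribute is required : '" + this.scaleConfig.getAttributes().get(attrName).getDisplayName() + "'");
            ok = false;
        }
    }
    if (!ok) {
        writeErrors(response, gson, errors);
        return;
    }
    String uidAttr = this.scaleConfig.getUidAttributeName();
    String uid = userData.getAttribs().get(uidAttr).getValues().get(0);
    WFCall wfCall = new WFCall();
    wfCall.setName(this.scaleConfig.getWorkflowName());
    wfCall.setReason("User update");
    wfCall.setUidAttributeName(uidAttr);
    TremoloUser tu = new TremoloUser();
    tu.setUid(uid);
    for (Entry<String, String> submitted : values.entrySet()) {
        tu.getAttributes().add(new Attribute(submitted.getKey(), submitted.getValue()));
    }
    // The uid taken from the authenticated session is appended after the submitted values
    tu.getAttributes().add(new Attribute(uidAttr, uid));
    wfCall.setUser(tu);
    try {
        com.tremolosecurity.provisioning.workflow.ExecuteWorkflow exec = new com.tremolosecurity.provisioning.workflow.ExecuteWorkflow();
        exec.execute(wfCall, GlobalEntries.getGlobalEntries().getConfigManager());
        lookupUser(request, response, gson);
    } catch (Exception e) {
        logger.error("Could not update user", e);
        ScaleError error = new ScaleError();
        error.getErrors().add("Please contact your system administrator");
        writeErrors(response, gson, error);
    }
}

/**
 * Checks one submitted value against its ScaleJS attribute configuration, appending a
 * message to {@code errors} on failure. Returns {@code true} when the value is acceptable.
 */
private boolean validateAttribute(String attributeName, String value, ScaleError errors) {
    if (this.scaleConfig.getAttributes().get(attributeName) == null) {
        errors.getErrors().add("Invalid attribute : '" + attributeName + "'");
        return false;
    }
    if (this.scaleConfig.getAttributes().get(attributeName).isReadOnly()) {
        errors.getErrors().add("Attribute is read only : '" + this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + "'");
        return false;
    }
    if (this.scaleConfig.getAttributes().get(attributeName).isRequired() && value.length() == 0) {
        errors.getErrors().add("Attribute is required : '" + this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + "'");
        return false;
    }
    if (this.scaleConfig.getAttributes().get(attributeName).getMinChars() > 0 && this.scaleConfig.getAttributes().get(attributeName).getMinChars() > value.length()) {
        errors.getErrors().add(this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + " must have at least " + this.scaleConfig.getAttributes().get(attributeName).getMinChars() + " characters");
        return false;
    }
    if (this.scaleConfig.getAttributes().get(attributeName).getMaxChars() > 0 && this.scaleConfig.getAttributes().get(attributeName).getMaxChars() < value.length()) {
        errors.getErrors().add(this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + " must have at most " + this.scaleConfig.getAttributes().get(attributeName).getMaxChars() + " characters");
        return false;
    }
    if (this.scaleConfig.getAttributes().get(attributeName).getPattern() != null) {
        // Decided per attribute, so an earlier attribute's failure cannot mark this one invalid
        boolean matches;
        try {
            matches = this.scaleConfig.getAttributes().get(attributeName).getPattern().matcher(value).matches();
        } catch (Exception e) {
            matches = false;
        }
        if (!matches) {
            errors.getErrors().add("Attribute value not valid : '" + this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + "' - " + this.scaleConfig.getAttributes().get(attributeName).getRegExFailedMsg());
            return false;
        }
    }
    return true;
}

/** Writes {@code errors} as JSON with HTTP status 500 and the ScaleJS cache headers. */
private void writeErrors(HttpFilterResponse response, Gson gson, ScaleError errors) throws IOException {
    response.setStatus(500);
    ScaleJSUtils.addCacheHeaders(response);
    response.getWriter().print(gson.toJson(errors).trim());
    response.getWriter().flush();
}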